DNS - Problems setting up forwarder (Linux SLES11 and Windows)

KaMe · 01-08-2013, 04:01 AM

Hello to everyone,

I have some problems with setting up DNS, especially the forwarders doesn't seem to work or just my understanding of it is totally wrong. I am sorry if this is already a solution somewhere, but I was just not able to find anything that suited my problem.

The situation:

In our office we have two domains, one with windows machines and the other one has linux machines (mainly SLES11 and SLES11-SP2). The DNS server is running on one of those with SLES11.

The windows domain name is e.g. domain1.com and the format of the IP addresses is 192.168.11.XX.
For the linux domain it is e.g. domain2.com and the IP addresses are like this 192.168.50.XX.

DNS is working fine on the linux domain on its own.
The forwarder list contains the IP addresses of the master servers of the linux domain and the windows domain.
Btw the linux master server has two IP addresses (192.168.50.XX and 192.168.11.XX). But I only added the one with the 50 to the forwarder list.

My understanding of the DNS forwarders was that it would forward every query it cannot answer within the linux domain to the windows domain, but this only works when I add domain1.com to my search list in the resolv.conf on the master server. Then it only works on the master server and not on the clients.

Somewhere I read that adding a DNS zone with the type forward could help and I added the IP of the master server of the windows domain. But I think I got the use of that zone type wrong.

Do I have to add domain1.com to the search list in the resolv.conf on every client server? I thought they would pick that up from the master server. Or did my settings got messed up somewhere else?

Do you need more information about the settings of the linux master server?

Best regards
KaMe

cliffordw · 01-09-2013, 12:29 AM

Hi Kame,

I'd like to try and help, but am not sure I understand fully what you are trying to do.

A few questions...

Quote:

Originally Posted by KaMe

The forwarder list contains the IP addresses of the master servers of the linux domain and the windows domain.
Btw the linux master server has two IP addresses (192.168.50.XX and 192.168.11.XX). But I only added the one with the 50 to the forwarder list.

How many DNS servers are there running Linux and Windows respectively? If I understand correctly that you are on the Linux server here, you should not add the Linux nameserver IP addresses as forwarders too.

What does your client's resolv.conf look like - pointing to the Linux server?

Quote:

Originally Posted by KaMe

My understanding of the DNS forwarders was that it would forward every query it cannot answer within the linux domain to the windows domain, but this only works when I add domain1.com to my search list in the resolv.conf on the master server. Then it only works on the master server and not on the clients.

and

Quote:

Originally Posted by KaMe

Do I have to add domain1.com to the search list in the resolv.conf on every client server? I thought they would pick that up from the master server. Or did my settings got messed up somewhere else?

I think you might be misunderstanding this.

Let's assume you point your client at the Linux server (call it dns.domain2.com), and have the forwarder for domain1.com configured correctly. If you have servers called server1.domain1.com and server2.domain2.com, the client should be able to resolve both of these names if you specify the full domain name (irrespective of it's search list).

It sounds like you're talking about trying to resolve short names (server1 and server2, without the domain names). For this to work, you need both domain1.com and domain2.com to be in the search list in resolv.conf on the client. The resolv.conf on the server has no bearing on this - it affects only how tools on the server (ping, dig, etc) resolve names; not how BIND resolves names.

Quote:

Originally Posted by KaMe

Somewhere I read that adding a DNS zone with the type forward could help and I added the IP of the master server of the windows domain. But I think I got the use of that zone type wrong.

You're on the right track here. Something like this should work in named.conf on the Linux server:

Code:

zone "domain1.com" in {
        type forward;
        forwarders {
                192.168.11.XX;
                192.168.11.YY;
                };
        forward only;
};

zone "11.168.192.in-addr.arpa" in {
        type forward;
        forwarders {
                192.168.11.XX;
                192.168.11.YY;
                };
        forward only;
};

I hope this helps. Good luck!

m1qe · 01-09-2013, 04:09 PM

Hi.

By default SLES 11 DNS does not allow recursive queries, and will deny queries from clients for external zones.
In Yast, choose DNS Server | Basic Options | Option -> allow-query
Enter the subnets you want to allow, in your case { 192.168.50.0/24; };

You can also edit the file /etc/named.conf, there is an example for allow-query by default.

Good luck!